Your first 100 days as an SME finance leader

Building a clear risk picture as an SME finance leader

06 Apr 20265 min read
insight featured image
To get a true handle on risk in your first 100 days, you need a high‑level view of what could disrupt your business. By focusing on the biggest threats, clarifying ownership, assessing cyber resilience, and strengthening supply‑chain oversight, you can quickly spot vulnerabilities and build a more resilient, better‑informed finance team.
Contents

In this insight, part of our guide to your first 100 days as a finance leader at an entrepreneurial SME, we focus on building an early, high-level view of risk. Visit the hub for more insight on navigating your first 100 days, from building trust with your team to stakeholders to meet with.

Getting the big picture

While you will play a key role in overseeing and managing financial risks, the extent to which the finance lead is involved with it across the business will vary depending on your business’s structure and specific needs. This is very variable from business to business.   

There are four questions to focus on in your first few months to get an overview of key risks across your business. 

1. What are the killer risks? 
No one can manage a universe of risks, let alone all the actions required to address them. Successful risk management is about focusing on what matters and enhancing knowledge and actions rather than lists and process.  
 
So, what are the top five risks faced by your business and by Finance?  

2. Who is responsible for monitoring and managing each of these?  
Identify and meet with the main stakeholders for each of these risks, and identify whether the leadership team has sufficient expertise and information to challenge the management of them.   
 
3. How does the senior leadership team communicate to the business on risk matters?  
The right risk messages should be consistently reinforced in communication throughout the business and your finance team. This begins at recruitment and induction, but should be reinforced through employee surveys, newsletters, and management information.  
 
What is the tone currently being set at the top? Are there any gaps?   
 
4. Are there robust crisis management plans in place?  
There will always be unexpected issues, but what is crucial is the response across communication, people, technology, and recovery. Are there robust systems in place to manage the impact of these low probability-high impact events, and have they been tested? 

Approaching cyber risk

Even in smaller businesses, a successful cyber-attack can lead to a major financial impact. It may result in lost sales, operational downtime or reputational damage. Early in your role, take some time to establish who is responsible for cyber security. In the majority of SME businesses, this will be outsourced to an external IT provider or, where managed internally, by an IT lead or the operations team.  

Key questions to ask are:  

  • What protections are in place?  
  • Where is our data stored, how often is it backed up and who can access it?  
  • Who is responsible for software updates, applying patches and ensuring this is monitored? 

The answers to these questions will help to identify any immediate risks and ensure that you have an idea of possible exposure.  

Check your cyber defenses are proportionate and affordable  

Conduct a review to establish whether the business has appropriate and in-date cyber insurance. Basic protections should be in place, such as multi-factor authentication, secure passwords, and regular data backups. Ensure that you have IT support, either internally or externally, who can respond quickly if a breach or possible breach occurred.

Often, SMEs and entrepreneurial businesses have a number of tools in place but these can either be outdated or may have overlapping tools. Conducting a review may identify cost savings whilst improving the cyber protection for the business.

Ask to see the cyber incident response plan  

There should be a short, practical plan in place. The key items to include are: 

  • who the key contacts are (internal or external)  
  • how to communicate with employees, customers and suppliers (and other key stakeholders)  
  • who is responsible for recovery systems and getting operations up and running again

Requesting this plan, or helping to create the plan where one isn't in place, is key to protecting the organisation or being proactive if a cyber attack were to occur.  

Understand who is responsible for cyber security

SMEs and entrepreneurial businesses often don't have a dedicated resource for cyber. As a result, it often falls under the remit of the finance lead or operations manager.  

Ensure that whoever is leading on cyber security considers the risk, necessary insurances and other impacts. You may need to consult an adviser who can assist in making informed decisions, and consider whether options are suitable, practical and cost-effective.  

Finance's role in the supply chain  

In a scaling business, the finance leader will often have far more influence over the supply chain than just reviewing costs. Your role will encompass spotting savings, improving cash flow and considering whether there is reliance on a key supplier or small number of key suppliers. 

Using key financial data such as margin analysis, an awareness of key account payment terms and working capital requirements will be a key part of working with others in the business to make the supply chain efficient and resilient. 

Identify supply chain risks   

Meet with key individuals in the business who are responsible for the supply chain, this could be the operations manager or purchasing lead. In many SMEs and entrepreneurial businesses, this will be the Owner/Founder.  

Work together to identify the main supply-chain risks. Considerations might include: 

  • dependency on a single or small number of suppliers  
  • long lead times from order to delivery  
  • rising prices, which may be impacted by current macroeconomics i.e. tariffs or stock shortages.  

When it is understood what could disrupt the business, it will allow you to provide challenge, support better decision-making, act proactively, and build contingencies into the supply chain process. 

Meet with your suppliers early

In scaling businesses, establishing and maintaining good supplier relationships can make a huge difference. Take time early on to introduce yourself to your key suppliers.  

testimonial client avatar
"Managing suppliers and customers was absolutely critical for an SME. Cash flow was everything."
Tim Nathan Chief Operating Officer, Horiba Mira

Clear and regular communication with key suppliers will help you to stay informed about potential price changes, delays, or issues that could affect the business. Building strong relationships can also put you in a stronger position when negotiating payment terms, agreeing credit limits, or discussing cost‑saving opportunities that assist with cash flow and ultimately the profitability of the business.  

VISIT THE NEXT INSIGHT
Forecasting, budgeting, and KPIs: turning data into insight
Read now
Forecasting, budgeting, and KPIs: turning data into insight
TAGS